Bug 29926: Add pasword expiration route for API

To test: 1 - prove -v t/db_dependent/api/v1/patrons_password_expiration.t Signed-off-by: Bob Bennhoff <bbennhoff@clicweb.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
2 years ago · e18e1d9e9d
4 changed files with 220 additions and 0 deletions
--- a/Koha/REST/V1/Patrons/Password/Expiration.pm
+++ b/Koha/REST/V1/Patrons/Password/Expiration.pm
@ -0,0 +1,65 @@
+package Koha::REST::V1::Patrons::Password::Expiration;
+
+# This file is part of Koha.
+#
+# Koha is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# Koha is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Koha; if not, see <http://www.gnu.org/licenses>.
+
+use Modern::Perl;
+
+use Mojo::Base 'Mojolicious::Controller';
+
+use Koha::Patrons;
+use Koha::DateUtils qw(dt_from_string);
+
+use Scalar::Util qw( blessed );
+use Try::Tiny qw( catch try );
+
+=head1 NAME
+
+Koha::REST::V1::Patrons::Password::Expiration
+
+=head1 API
+
+=head2 Methods
+
+=head3 set
+
+Controller method that sets a patron's password expiration
+
+=cut
+
+sub set {
+
+    my $c = shift->openapi->valid_input or return;
+
+    my $patron = Koha::Patrons->find( $c->validation->param('patron_id') );
+    my $body   = $c->validation->param('body');
+
+    unless ($patron) {
+        return $c->render( status => 404, openapi => { error => "Patron not found." } );
+    }
+
+    my $password_expiration_date   = $body->{expiration_date} // "";
+
+    return try {
+        my $pw_expiration_dt = dt_from_string($password_expiration_date);
+        $patron->password_expiration_date( $pw_expiration_dt)->store();
+        return $c->render( status => 200, openapi => "" );
+    }
+    catch {
+        $c->unhandled_exception($_);
+    };
+}
+
+1;
--- a/api/v1/swagger/paths/patrons_password_expiration.yaml
+++ b/api/v1/swagger/paths/patrons_password_expiration.yaml
@ -0,0 +1,57 @@
+---
+"/patrons/{patron_id}/password/expiration":
+  post:
+    x-mojo-to: Patrons::Password::Expiration#set
+    operationId: setPatronPasswordExpiration
+    tags:
+      - patrons
+    summary: Set password expiration for a patron
+    parameters:
+      - $ref: ../parameters.yaml#/patron_id_pp
+      - name: body
+        in: body
+        description: A JSON object containing password expiration date
+        schema:
+          type: object
+          properties:
+            expiration_date:
+              description: Date to expire password
+              type: string
+          required:
+            - expiration_date
+          additionalProperties: false
+    produces:
+      - application/json
+    responses:
+      "200":
+        description: Password expiration changed
+      "400":
+        description: Bad request
+        schema:
+          $ref: ../definitions.yaml#/error
+      "401":
+        description: Authentication required
+        schema:
+          $ref: ../definitions.yaml#/error
+      "403":
+        description: Access forbidden
+        schema:
+          $ref: ../definitions.yaml#/error
+      "404":
+        description: Patron not found
+        schema:
+          $ref: ../definitions.yaml#/error
+      "500":
+        description: |
+          Internal server error. Possible `error_code` attribute values:
+
+          * `internal_server_error`
+        schema:
+          $ref: ../definitions.yaml#/error
+      "503":
+        description: Under maintenance
+        schema:
+          $ref: ../definitions.yaml#/error
+    x-koha-authorization:
+      permissions:
+        superlibrarian: "1"
--- a/api/v1/swagger/swagger.yaml
+++ b/api/v1/swagger/swagger.yaml
@ -177,6 +177,8 @@ paths:
    $ref: "./paths/patrons_holds.yaml#/~1patrons~1{patron_id}~1holds"
  "/patrons/{patron_id}/password":
    $ref: "./paths/patrons_password.yaml#/~1patrons~1{patron_id}~1password"
+  "/patrons/{patron_id}/password/expiration":
+    $ref: "./paths/patrons_password_expiration.yaml#/~1patrons~1{patron_id}~1password~1expiration"
  "/public/biblios/{biblio_id}":
    $ref: "./paths/biblios.yaml#/~1public~1biblios~1{biblio_id}"
  "/public/biblios/{biblio_id}/items":
--- a/t/db_dependent/api/v1/patrons_password_expiration.t
+++ b/t/db_dependent/api/v1/patrons_password_expiration.t
@ -0,0 +1,96 @@
+#!/usr/bin/perl
+
+# This file is part of Koha.
+#
+# Koha is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# Koha is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Koha; if not, see <http://www.gnu.org/licenses>.
+
+use Modern::Perl;
+
+use Test::More tests => 1;
+
+use Test::Mojo;
+
+use t::lib::TestBuilder;
+use t::lib::Mocks;
+
+use Koha::Patrons;
+
+my $schema  = Koha::Database->new->schema;
+my $builder = t::lib::TestBuilder->new;
+
+t::lib::Mocks::mock_preference( 'RESTBasicAuth', 1 );
+
+my $t = Test::Mojo->new('Koha::REST::V1');
+
+subtest 'basic tests' => sub {
+
+    plan tests => 12;
+
+    $schema->storage->txn_begin;
+
+    my $privileged_patron = $builder->build_object(
+        {
+            class => 'Koha::Patrons',
+            value => { flags => 1 }
+        }
+    );
+    my $password = 'thePassword123';
+    $privileged_patron->set_password(
+        { password => $password, skip_validation => 1 } );
+    my $userid = $privileged_patron->userid;
+
+    my $patron = $builder->build_object( { class => 'Koha::Patrons' } );
+
+    t::lib::Mocks::mock_preference( 'dateformat','us' );
+
+    my $new_password = 'abc';
+
+    $t->post_ok( "//$userid:$password@/api/v1/patrons/"
+          . $patron->id
+          . "/password/expiration" => json =>
+          { expiration_date => '2021-01-01' } )
+      ->status_is(200)->json_is('');
+
+    $t->post_ok( "//$userid:$password@/api/v1/patrons/"
+          . $patron->id
+          . "/password/expiration" => json =>
+          { expiration_date => '01/13/2021' } )
+      ->status_is(200)->json_is('');
+
+    $t->post_ok( "//$userid:$password@/api/v1/patrons/"
+          . $patron->id
+          . "/password/expiration" => json =>
+          { expiration_date => '13/01/2021' } )
+      ->status_is(500)->json_is({
+          error => 'Something went wrong, check Koha logs for details.',
+          error_code => "internal_server_error"
+      });
+
+    $privileged_patron->flags(0)->store();
+
+    $t->post_ok( "//$userid:$password@/api/v1/patrons/"
+          . $patron->id
+          . "/password/expiration" => json =>
+          { expiration_date => '2021-01-01' } )
+      ->status_is(403)->json_is({
+           error => "Authorization failure. Missing required permission(s).",
+           "required_permissions" => {
+               "superlibrarian" => "1"
+           }
+      });
+
+
+
+    $schema->storage->txn_rollback;
+};